CISA KEV 정보
| 취약점명 | Microsoft Windows Mount Manager Privilege Escalation Vulnerability |
|---|---|
| 설명 | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-264 |
| 등록일 (KEV) | 2022-05-25 |
| 조치 기한 | 2022-06-15 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2015-1769 |
NVD 상세 정보
CVSS v3.1: 6.6 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C설명: Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
CWE: CWE-264
참조
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx [Vendor Advisory]
- http://www.securitytracker.com/id/1033244 [Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085 [Patch, Vendor Advisory]
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx [Vendor Advisory]
- http://www.securitytracker.com/id/1033244 [Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085 [Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1769
This product uses the NVD API but is not endorsed or certified by the NVD.